83c1f82fb25a73cb689190ae05a1abdf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83c1f82fb25a73cb689190ae05a1abdf_JaffaCakes118
Size

4.2MB
MD5

83c1f82fb25a73cb689190ae05a1abdf
SHA1

99c51fbe86ae361db0aed40a23533557bbff117e
SHA256

631cf086d9053126ec3a55af257fc17b9eafe3300edf9e4c109ecd716ca2ccf5
SHA512

eb040a49c65e916c233ea22fd5ca182e1ebd291a06cc13061b9fd049ad34942e92dc5e7556dc322d120d0e5c5efb5e20f0b399e98b6a4bacf6cc19c2ac59f25c
SSDEEP

98304:JGV3qqiFGQ0d0qr9AtcDv9+0M9cIlr1mcxfY7zLLVz:EV6qKGQW0qrWtW9dmcar1Qxz

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EasyWatermark 7.03/EasyWatermark.exe
unpack001/EasyWatermark 7.03/EasyWatermark.lcf
unpack001/EasyWatermark 7.03/ImgEditor.exe
unpack001/EasyWatermark 7.03/ImgEditor.lcf
unpack001/EasyWatermark 7.03/TplEditor.exe
unpack001/EasyWatermark 7.03/TplEditor.lcf

Files

83c1f82fb25a73cb689190ae05a1abdf_JaffaCakes118
.rar
EasyWatermark 7.03/Data.phd
EasyWatermark 7.03/EasyWatermark.exe
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 874KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 880KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idcxkwbv
Size: 718KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jigipoqo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EasyWatermark 7.03/EasyWatermark.lcf
.dll windows:1 windows x86 arch:x86

68f04f45c60bb54c43296ff45f4ad098

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3220

_flushall
_abort
@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ErrorMessage
__ExceptionHandler
___debuggerDisableTerminateCallback
__free_heaps
__startup
__startupd

kernel32

GetVersion
GetProcAddress
GetModuleHandleA

Exports

Exports

__DebuggerHookData

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyWatermark 7.03/Help.chm
.chm
EasyWatermark 7.03/ImgEditor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 448KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyWatermark 7.03/ImgEditor.lcf
.dll windows:1 windows x86 arch:x86

68f04f45c60bb54c43296ff45f4ad098

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3220

_flushall
_abort
@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ErrorMessage
__ExceptionHandler
___debuggerDisableTerminateCallback
__free_heaps
__startup
__startupd

kernel32

GetVersion
GetProcAddress
GetModuleHandleA

Exports

Exports

__DebuggerHookData

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyWatermark 7.03/License.dat
EasyWatermark 7.03/Logo.bmp
EasyWatermark 7.03/Sample.jpg
.jpg
EasyWatermark 7.03/TplEditor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 456KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyWatermark 7.03/TplEditor.lcf
.dll windows:1 windows x86 arch:x86

68f04f45c60bb54c43296ff45f4ad098

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3220

_flushall
_abort
@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ErrorMessage
__ExceptionHandler
___debuggerDisableTerminateCallback
__free_heaps
__startup
__startupd

kernel32

GetVersion
GetProcAddress
GetModuleHandleA

Exports

Exports

__DebuggerHookData

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EasyWatermark 7.03/Watermarks/Demo1.wg
EasyWatermark 7.03/Watermarks/Demo1_2999046_M.bmp
EasyWatermark 7.03/Watermarks/Demo1_I.bmp
EasyWatermark 7.03/Watermarks/Demo2.wg
EasyWatermark 7.03/Watermarks/Demo2_I.bmp
EasyWatermark 7.03/leftlogo.bmp

Sharing

General

Malware Config

Signatures

Files

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 874KB - Virtual size: 2.5MB

.rsrc Size: 106KB - Virtual size: 407KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 880KB

idcxkwbv Size: 718KB - Virtual size: 720KB

jigipoqo Size: 512B - Virtual size: 4KB

68f04f45c60bb54c43296ff45f4ad098

Headers

File Characteristics

Imports

cw3220

kernel32

Exports

Exports

Sections

CODE Size: 1KB - Virtual size: 4KB

DATA Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 1.2MB - Virtual size: 1.2MB

DATA Size: 67KB - Virtual size: 67KB

BSS Size: - Virtual size: 448KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 36B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 66KB - Virtual size: 66KB

.rsrc Size: 94KB - Virtual size: 94KB

68f04f45c60bb54c43296ff45f4ad098

Headers

File Characteristics

Imports

cw3220

kernel32

Exports

Exports

Sections

CODE Size: 1KB - Virtual size: 4KB

DATA Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 1.4MB - Virtual size: 1.4MB

DATA Size: 64KB - Virtual size: 64KB

BSS Size: - Virtual size: 456KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 36B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 88KB - Virtual size: 87KB

.rsrc Size: 133KB - Virtual size: 133KB

68f04f45c60bb54c43296ff45f4ad098

Headers

File Characteristics

Imports

cw3220

kernel32

Exports

Exports

Sections

CODE Size: 1KB - Virtual size: 4KB

.rsrc
Size: 106KB - Virtual size: 407KB

.idata
Size: 512B - Virtual size: 4KB

idcxkwbv
Size: 718KB - Virtual size: 720KB

jigipoqo
Size: 512B - Virtual size: 4KB

CODE
Size: 1KB - Virtual size: 4KB

DATA
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 1.2MB - Virtual size: 1.2MB

DATA
Size: 67KB - Virtual size: 67KB

BSS
Size: - Virtual size: 448KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 66KB - Virtual size: 66KB

.rsrc
Size: 94KB - Virtual size: 94KB

CODE
Size: 1KB - Virtual size: 4KB

DATA
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 1.4MB - Virtual size: 1.4MB

DATA
Size: 64KB - Virtual size: 64KB

BSS
Size: - Virtual size: 456KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 88KB - Virtual size: 87KB

.rsrc
Size: 133KB - Virtual size: 133KB

CODE
Size: 1KB - Virtual size: 4KB

DATA
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 4KB